Cybersecurity

Russia’s well-known cyber attacks on Western nations could be setting the country up for a powerful backlash, offers a retired U.S. Army expert formerly based in Moscow. After years of relentless penetrations and attacks on databases and infrastructure in U.S. and NATO countries, Russia now is finding itself as much—if not more—of a target of reciprocal cyber assault capabilities increasingly wielded by the West.

Starting from the first recorded raid on the monastery of Lindisfarne in 793, Viking raids presented European rulers with an unprecedented challenge. Fast, sleek longships could stealthily deploy alongside the coasts of early medieval England and France, striking at wealthy, isolated targets and departing before local authorities could mount a response.

In the rush to implement national security use cases for artificial intelligence and machine learning, policymakers need to ensure they are properly weighing the risks, say experts in the field.

Like all software, artificial intelligence (AI)/machine learning (ML) is vulnerable to hacking. But because of the way it has to be trained, AI/ML is even more susceptible than most software—it can be successfully attacked even without access to the computer network it runs on.

More than just a technology focus, zero trust (ZT) is an invitation for all of us to think differently about cybersecurity. We are losing on the cybersecurity battlefield, and continued investment in more advanced versions of the same architecture patterns will not change that.

The spate of 2021’s high-profile cyber attacks has caused policymakers and practitioners to seriously reevaluate the state of security for U.S. critical infrastructure and key resources. From the unprecedented SolarWinds supply-chain infiltration to the Colonial Pipeline ransomware attack to the most recent allegations of Chinese state actors infiltrating tens of thousands of Microsoft Exchange mail servers, the scale and scope of cyber attacks against public and private U.S. networks are only worsening. As 5G—and eventually 6G—moves to increasingly meshed networks, the challenge of network defense only grows.

Across the federal government, agencies are dealing with an explosion of cybersecurity data from new sensors, hyper-scale cloud infrastructure, microservices and a geographically distributed workforce—and the pace shows no sign of slowing.

Automation drives the ability for agencies to process and analyze these massive workloads, but if not deployed and managed with proper expertise, they can add complexity and risk.

The human factor looms as the most imposing challenge to implementing zero-trust security, say experts. Aspects of this factor range from cultural acceptance to training, and sub-elements such as organizations and technologies also will play a role. Ultimately, change will have to come from the top of an organization to be truly effective.

All security measures depend to a large degree on human cooperation, but that is only part of the picture for zero trust. Its implementation will entail a massive change in security procedures both for users and for network architects. And, the ability to share information across organizational boundaries will be strongly affected at all government levels.

The need for the United States to not only have digital literacy but also cybersecurity-educated students is prompting the addition of programs into the middle school level. Students in grades 6-8 can benefit greatly from having a foundational understanding of cyber concepts, as can the nation, officials say.

The U.S. National Security Agency (NSA)/Central Security Service’s National Cryptologic School, which already has a robust offering of cyber education programs across the elementary, high school, college and graduate student levels, is growing its specific offerings to middle schools, teachers and kids age 12-14.

The U.S. Army seeks to enhance the effectiveness of local cybersecurity defenders—and ultimately the joint force cyber warriors—by revamping organizational design, fielding the best technologies and improving training, Lt. Gen. John Morrison, USA, U.S. Amy deputy chief of staff, G-6, told the audience at the TechNet Cyber conference in Baltimore.

“Here’s my thesis: we have a lot of folks that are doing cybersecurity work, but we are not optimized across the entire joint force to conduct cybersecurity operations,” Gen. Morrison declared.

The United States is adding another tool in its attempt to improve cybersecurity. The U.S. State Department is in the process of standing up a bureau of cyberspace and digital policy. The new organization will conduct cyber diplomacy around the globe and set international norms around cybersecurity. The department is also creating a new position at State called the special envoy for critical and emerging technology.

Compared to an ambassador who is stationed in a foreign country to increase bilateral ties with the United States, a special envoy oversees a specific portfolio, in this case, critical and emerging technology. Both the senior bureau official and the special envoy roles would require Senate confirmation.

Cybersecurity Maturity Model Certification is a serious and involved process that will take time and resources, and for small companies, it’s often difficult to know where to start. Using these 12 steps, companies can effectively manage the transition from noncompliance to compliance.

Delphinus Engineering Inc.,* Eddystone, Pennsylvania (N64498-21-D-4044); Q.E.D.

Following the success of some initial, smaller-scale efforts, the U.S. Air Force is pursuing zero trust architecture on a level not seen before. The service’s Air Combat Command is leading the charge into many more initiatives with a comprehensive view to employ zero trust architecture across its bases, weapon systems and missions.

A delayed focus on IT modernization could create a gap between frequent high-impact cyber breaches and the U.S. Department of the Navy’s preparedness to address them. From the SolarWinds hack to ransomware, new cyber threats emerge almost weekly. Advances in technology to help defend against such threats occur so quickly that current acquisition and infrastructure programs cannot keep pace.

Cybersecurity program managers are facing the dilemma of appropriately balancing compliance with threat tracking and mitigation. Today, amidst the ever-growing problem of data breaches, organizations are investing in protection. But simply complying with security and privacy standards seldom means systems and data are automatically secure.

Cyber education and training should begin not in college, not in secondary school, not in middle school, not in elementary school, but at home as soon as children are able to view or use social media, say some experts. This training is important not just to lay the groundwork for future cybersecurity professionals in a field starved for expertise, but also to instill good cyber hygiene habits that can be passed on to other family members.

The massive cyber attack on the United States via information technology vendor SolarWinds continues to send shockwaves through the departments of Defense, State and Homeland Security as well as other agencies. Damage assessments are ongoing. If the U.S. government in general and Defense Department in particular are to successfully defend against attacks by well-funded, patient and highly motivated enemies, they will need to change their approach to defending their networks and systems.

The U.S. Department of Defense is looking at additive manufacturing technologies to rapidly prototype and build equipment components and increasingly, to potentially make replacement parts in the field.

While additive manufacturing, the ability to build plastic and metal parts by depositing a fine spray of material, has been used by the aerospace and defense sectors for some time, the capability is now becoming more portable. One such project is the U.S. Marine Corps’ X-Fab effort, which uses a shipping container loaded with compact additive manufacturing equipment that can be shipped anywhere in the world to make replacement parts.

Software-defined networks, commercial satellite communications, cognitive electronic warfare, intelligent radios and artificial intelligence applications all potentially offer the military advanced capabilities for the tactical environment, say Johns Hopkins University Applied Physics Laboratory’s (APL’s) Julia Andrusenko, chief engineer, Tactical Wireless Systems Group, and Mark Simkins, program manager, Resilient Tactical Communications Networks. 

NATO is at risk of losing its technology edge because of emerging and disruptive technologies increasingly developed within the civil sector. The growth of peer competitors’ determination, especially China, and the decline of technology education in Western countries are eroding the advantage they once skillfully held.

To address this state of affairs, the organization’s defense ministers are examining a number of activities. As a part of this initiative, the NATO Industrial Advisory Group (NIAG) conducted a study to provide the industry view of the implications of emerging and disruptive technologies (EDTs) and Chinese advances in defense operations and military capability development.

The Boeing Co., St. Louis, Missouri, was awarded a $10,579,798 modification (P00004) to contract W58RGZ19F0045 to integrate, test, upgrade and field functional hardware and software technology improvements and cybersecurity controls, to the Longbow Crew Trainer Generation Four and Generation Five fleets. Work will be performed in St. Louis, Missouri, with an estimated completion date of April 2, 2022. Fiscal year 2019 aircraft procurement (Army) funds in the amount of $10,579,798 were obligated at the time of the award. U.S. Army Contracting Command, Redstone Arsenal, Alabama, is the contracting activity.

Cyber Systems and Services Solutions, Bellevue, Nebraska, has been awarded a $17,765,741 firm-fixed-price and cost-plus-fixed-fee modification (P0010) to contract FA8773-18-D-0002 to exercise Option Three for defensive cyber realization, integration and operational support services. Work will be performed at Joint Base San Antonio (JBSA)-Lackland, Texas, and is expected to be completed February 28, 2022.  This modification is the result of a competitive acquisition and seven offers were received. Fiscal 2021 operation and maintenance funds in the amount of $8,764,731 are being obligated at the time of award. The 38th Contracting Squadron, JBSA-Lackland, Texas, is the contracting activity.

Booz Allen Hamilton Inc., McLean, Virginia, has been awarded a $21,744,548 cost-plus-fixed-fee modification (P00032) to contract FA8750-17-F-0105 for enterprise exploitation and information assurance. This contract modification provides for additional hours to facilitate development of electro-optical emerging data sources as part of the Assured Cyber Enterprise for the Intelligence Community Program.  Work will be performed in McLean, Virginia, and is expected to be completed September 28, 2021. Fiscal 2020 research, development, test and evaluation funds in the amount of $74,381 are being obligated at the time of award.

The cybersecurity of civil government, critical infrastructure and business infrastructure remains uneven. Worrying reports of ransomware affecting city and county governments as well as local health care organizations have put leaders and administrators, and infrastructure operators on edge.